
9/17/2019
10:00 AM
Jim Gordon
Commentary

How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity

Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.

For an industry that has shown aggressive growth over the last decade — and is projected to increase spending by 9.4% from 2018 to 2019 — the cybersecurity market continues to see more breaches and more money and data stolen. I believe that diversity and inclusion should be a foundational element for driving the advancement of cybersecurity, one that can rapidly improve those outcomes. But unfortunately, that isn't a reality today. According to a recent study, women represent just 24% of the cybersecurity workforce today, and they're getting paid nearly 12% less than men. This industry can do better. But how?

While many organizations are working to solve diversity issues such as gender and ethnic disparity, the overall industry is still a serial laggard. This is puzzling considering the fact that we have negative unemployment with the average security salary currently at US$91,500. Despite these well-paying, abundant job opportunities, clicks on job listings in 2018 decreased by 1.3%. There are many factors contributing to these numbers, but one major influence is that the security market is much like general tech was 25 years ago. Innovation is fast and furious, and start-up culture is rampant. This can result in a lack of diversity, which can alienate the many minority demographics that make up a significant portion of the total available workforce.

An industry culture defined by diversity and inclusion can bring about the type of new ideas and approaches that spur innovation and solve age-old problems. What exactly do I mean by diversity and inclusion? It's about having a workplace that's open to all, that represents varying perspectives from many different backgrounds — one that's closed to none. It's about making sure each member of your workforce is empowered daily to contribute in a way that realizes their maximum innate potential, which ultimately contributes to the success of the organization at large.

Sparking cultural shifts within an organization — and throughout an entire industry — can feel like a monumental task, but the juice is well worth the squeeze. Working at Intel, I've had the opportunity to be on the front lines of the diversity and inclusion work, and I'm heartened by the progress we're beginning to make, starting with three key elements:

Leadership: A top-down organization starts with the CEO or other top leadership executives making a public commitment and sharing the specific terms of that commitment. This absolutely has to include a set of defined (quantitative) outcomes and a clear-cut time frame by which to measure progress and results. From there, these same leadership representatives must show up, quarter after quarter and year after year, to publicly renew those commitments and provide insight into the advancements that have been made along the way. A group of our most senior leaders meets with our chief diversity and inclusion officer every month.

Investment: Many corporate projects or initiatives use incremental funding. However, to truly effect meaningful change, diversity and inclusion programs require investment on a completely different scale. For example, recruiting diverse candidates straight out of school means you have to dramatically expand the roster of universities with which you engage. If you want to close the pay gap and introduce more inclusive benefits, you must allocate the appropriate funding.

Permanent change: Diversity and inclusion is not an HR function or policy, led and administered by a single division within a company. These programs need to be adopted broadly throughout the organization, and supported indefinitely by employees in every department, at every level. Progress must be measured regularly, reported on publicly and adjusted frequently. A permanent commitment to diversity and inclusion changes everything — from how you run meetings and write job descriptions to how you manage compensation and promotions, and much more.

Implementing a new diversity program or revamping an existing initiative will involve a defined strategy. Consider these four steps:

1. Start with a baseline. Establish a quantitative diversity benchmark for where you stand as an organization. What is your current demographic breakdown? How do employees feel about diversity and inclusion issues? Why do employees leave the company? Ask the right questions up front, and you'll set a baseline that allows you to better understand how to set goals and quantify success over the long term.

2. Don't reinvent the wheel. There's a ton of great resources available in the market to help you build a successful diversity program. Find out what's worked for other organizations, modify those initiatives to fit your organization's needs, and commit to iterating regularly along the way.

3. Try new things. Many organizations fail over and over again with basic HR-driven diversity programs, expecting different results each time. Don't be afraid to aim high, make adjustments along the way, and be creative. As you begin to see progress, you'll need to fine-tune your goals, priorities, and measurement along with it.

4. Make it collective. While HR departments certainly play an important role in the change process, to generate a historic cultural shift you need commitment that starts at the top and companywide involvement that permeates every department and level. While there are a lot of different program elements organizations can bring to bear to influence diversity and inclusion, one every organization should consider is an "ally" program. At Intel, our ally program is designed to encourage all employees to be allies in the workplace by demonstrating five key behaviors: be visible, listen and learn, reflect, challenge, and advocate.

The good news is that today, more organizations in the cybersecurity market across the world are making diversity and inclusion a top business priority. That said, women and other minority groups are still vastly underrepresented and we have a long way to go. An industrywide shift in culture won't happen overnight, but by following key principles and best practices, you can begin accelerating your organization's path toward diversity and inclusion.


Jim Gordon is an Intel veteran of 20+ years and has held a variety of roles over this time. Most notably he served 3.5 years as chief of staff and technical assistant to Intel's then president Renée James. He currently is GM of Ecosystem & Business ...